
Tools, Debugging and Troubleshooting

Fundamentals of IdentityIQ Implementation


Overview
Tools, Debugging and Troubleshooting
• Factors in Successful Troubleshooting & Resolution
• IdentityIQ Tools
• Logging, Options & Configuration
• IdentityIQ Console
• Debug Page
• Administrator Console
• Java Development Kit (JDK)
• jConsole

Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 2


Factors in Successful Troubleshooting
• Detail-Oriented
• Small inconsistencies can often cause large headaches.
Infamous quote “I thought I could just ignore…”
• Take detailed notes, follow documentation steps carefully
• System Familiarity
• Knowing about IdentityIQ and what is going on can make a huge difference in determining causes of issues.
• Training and time spent with the product.
• Methodical Testing
• Repeatable testing is the only way to guarantee success.
• Don’t change more than one variable at a time when testing
• Environmental Awareness
• Keeping aware of the happenings on a larger scale (database, application server, JVM) will help.
• It might not be related to IdentityIQ



Logging



Logging
Options
IdentityIQ AppServer
• log4j Logging
• Standard Out (App Server location)
• Email redirection
• Audit configuration
• Syslog logging configuration

IdentityIQ Database



Log4J Configuration
• Log4J 101
• Logging Levels:
• trace
• debug
• info
• warn
• error
• Configured in log4j.properties file
• Global Configuration
• log4j.rootLogger=error,file (change error to other level for global log4j changes)
• Logging Configuration per Class
• Uncomment Class Logger names to enable.
• Disabled:
• #log4j.logger.sailpoint.api.Aggregator=debug
• Enabled:
• log4j.logger.sailpoint.api.Aggregator=debug
• Changing Logging Levels for individual classes
• Append Logging Level to end of Class Logger
• log4j.logger.sailpoint.api.Aggregator=<logging level>



Log4J Configuration
• Update the log4j properties file
• <install dir>/WEB-INF/classes/log4j.properties
• Reload or change log file via Debug Page – preferred method
• Multiple log4j files for different purposes
• Optionally, bounce application server to reload
• Warning: this will stop IdentityIQ



Log4J Example
• Inside of rule
log.error("This is an error message");
log.warn("This is a warn message");
log.info("This is an info message");
log.debug("This is a debug message");
log.trace("This is a trace message");

• What gets printed into log file if log level is set to “info”?
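
The level rules from the Log4J slides above, as an added example that is not part of the original deck or SailPoint's code: it parses log4j.properties text, resolves a logger's effective level through log4j 1.x name inheritance (a generalization beyond the single-class case on the slide), and lists loggers left at debug or trace. The `sailpoint.api=info` line and the `SomeOtherClass` and `sailpoint.server.Example` logger names are constructed for illustration.

```python
# log4j 1.x levels, least to most severe
LEVELS = ["trace", "debug", "info", "warn", "error", "fatal"]

# Constructed sample in the shape the slides describe (not a shipped file)
SAMPLE = """\
log4j.rootLogger=error,file
#log4j.logger.sailpoint.api.Aggregator=debug
log4j.logger.sailpoint.api=info
log4j.logger.sailpoint.api.Aggregator=debug
"""

def parse_levels(text):
    """Return {logger name: level}; "" is the root logger. Commented lines are skipped."""
    levels = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        level = value.split(",")[0].strip().lower()  # "error,file" -> "error"
        if level not in LEVELS:
            continue  # appender-only or unsupported value: no level to record
        if key == "log4j.rootLogger":
            levels[""] = level
        elif key.startswith("log4j.logger."):
            levels[key[len("log4j.logger."):]] = level
    return levels

def effective_level(levels, logger):
    """Walk up the dotted name until a configured ancestor is found, else use root."""
    name = logger
    while name:
        if name in levels:
            return levels[name]
        name = name.rpartition(".")[0]
    return levels.get("", "debug")  # log4j's root logger is DEBUG when unset

def emitted(levels, logger):
    """Message levels that pass the threshold for this logger."""
    floor = LEVELS.index(effective_level(levels, logger))
    return LEVELS[floor:]

def verbose_loggers(levels):
    """Loggers left at debug or trace: review these before production."""
    return sorted(n or "rootLogger" for n, lvl in levels.items()
                  if lvl in ("trace", "debug"))
```

Running `verbose_loggers(parse_levels(open(path).read()))` against a deployed log4j.properties shows which class loggers are still enabled at debug or trace after a troubleshooting session.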



Standard Out logging
• Standard Out
• Usage: System.out.println("I'm logging this message.");
• Standard Out logging is NOT a best practice
• Do not use in production
• Not as useful as log4J since these messages are always printed no matter what
• Useful for quick and dirty debugging
• Configuration
• App server configuration determines where to send this information



Email Logging
• Can redirect emails to file for testing, debugging, and troubleshooting



Auditing
• Configure
• Gear → Global Settings → Audit Configuration
• View
• Intelligence → Advanced Analytics → Audit Search



Auditing
Extending

• Add additional classes to AuditConfig

<AuditClass displayName="Role" name="Bundle"/>
<AuditClass displayName="Certification" name="CertificationGroup"/>
<AuditClass displayName="Access Review" name="Certification"/>
<AuditClass name="Category"/>

• Enable desired option

Note: Be aware of how much data you will collect



Syslog – Incident Codes
• When errors occur, an incident code may display in the UI

• Enter incident code to retrieve details


• Intelligence → Advanced Analytics → Syslog Search



Syslog Log
Configuration
• Default = enabled, with no event deletion
• Set “Days before syslog event deletion” (best practice)
• Typically set to 30 days
• Gear → Global Settings → IdentityIQ Configuration → Miscellaneous



IdentityIQ Console and
Debug Pages



IdentityIQ Console
• Command-line driven interface
• Connects directly to database
• Can be used to troubleshoot connectivity problems
• “Quick Glance” view of what is happening
• Some commands are only available via console
• SQL query interface
• Export
• Authentication required to access console
• Exception is spadmin with the admin password



Console – Connector Debug
• Available via the IdentityIQ Console only
• Iteration Features
• Displays Application Link (Accounts) in XML
• Accounts: connectorDebug <Application> iterate account
• Groups: connectorDebug <Application> iterate group
• Connection Test Feature
• connectorDebug <Application> test
• Also displays associated Rules
• Build Map Rule
• Merge Maps Rule
• Map to Resource Object Rule
• Customization Rule
• Output shows ResourceObjects just prior to Correlation and Creation



Connector Debug Output
• Output shows final Resource Objects



Console Demonstration

Advanced Configuration and Debugging
IdentityIQ Debug Pages
• Only available to users with System Administrator capability
• Hidden context root for debugging options.
• <IdentityIQ URL>/debug/
• For example, http://localhost:8080/identityiq/debug/
• Provides Many Features
• Viewing of all XML Objects
• Editing of Raw XML Objects
• Creating and Deleting of Objects
• Access to Configuration
• System Configuration
• UI Configuration
• Memory Usage
• Garbage Collection Methods



Debug Pages Demonstration

Administrator Console



Administrator Console
• Summary view of provisioning transactions
• Override to convert automated transaction to manual workitem
• Retry to force next attempt for retry-enabled applications
• System Administrator capability required to access console



Administrator Console
Configuration
• Level of events in log
• Success, Retry, Failure
• Default Log Level = Failure
• Event retention
• Set to non-zero
• Default is no purge



jConsole



jConsole
Troubleshooting Application Heap/Memory Usage
• Look for usage patterns
Examples: Increasing memory usage or a spike in CPU or threads



Knowledge Check

Review Discussion
• Which of the following log levels will provide the most detailed information?
• Trace
• Debug
• Info
• Warn
• Error

• True or False
• It is a best practice to use Java println statements for logging.

• When a serious system error occurs, and an incident code is displayed, where would an admin user go to see details of the error?
• Administrator Console
• Windows Event Viewer
• Advanced Analytics → Syslog Search

• True or False
• The console commands export and checkout can both be used to export IdentityIQ objects into an XML format.



Questions?
